0

Im building a Chrome externsion which stores the user's passwords.

Is there a deterministic way to get the user's credentials under the assumption that the email input has a type Email and the passwords has a type Password?

<input type="email" />
<input type="password" />

What Ive tried so far is just taking the values of these fields using jQuery. The issue is that I dont know when he actually submits the login.

Listening to url changes (using chrome.tabs.onUpdated is not helpful because the user can either just press Back, go to a different url or submit the login).

Is there a way to get these credentials whenever:

  • Chrome alerts the user about new account+password
  • Chrome alerts the user about modified password
Ori Refael
  • 2,888
  • 3
  • 37
  • 68
  • You can look at the source code of other password manager's extensions like Dashlane and LastPass. – tildedash May 07 '17 at 15:42
  • Its a good idea but im afried they will probably be uglified. dont you think? – Ori Refael May 07 '17 at 15:46
  • @tildedash Ive checked LastPass. they are manually want you to store Web + user + password – Ori Refael May 07 '17 at 15:53
  • Dashlane saves it automatically, you could check the source code. If the code is obfucasted you can use http://jsbeautifier.org – tildedash May 07 '17 at 17:28
  • AFAIK, it's possible to get email address using [`getProfileUserInfo`](https://developer.chrome.com/apps/identity#method-getProfileUserInfo) method of [Chrome Identity API](https://developer.chrome.com/apps/identity). With regards to saving the password, you can use `chrome.privacy.services` with property `passwordSavingEnabled` set to true wherein if enabled, the password manager will ask if you want to save passwords (haven't tried though, how to possibly save the password). Suggested solution in this [SO post](http://stackoverflow.com/a/3268993) might help. – Teyam May 08 '17 at 11:39
  • Also, note that OAuth provides a mechanism for users to grant access to private data without sharing their private credentials (username/password). See this [documentation](https://developer.chrome.com/extensions/tut_oauth) for more information. – Teyam May 08 '17 at 11:39

0 Answers0